Cybersecurity is becoming a serious concern over the past couple of years. A number of high profile security breaches have proven that many organizations need better security protocols to protect their customers. Here are some of the most serious security breaches that occurred in recent years.
The Target security breach was probably the most famous. The hackers got access to the company’s Point of Sale (POS) systems with a username and password that was stolen from a contractor for Target. They used malware to steal approximately 40 million credit and debit card numbers.
Lesson Learned: Target said that the hack was highly sophisticated, but security experts said that it could have been easily prevented if Target didn’t give a third party company access to its security systems.
In February, Anthem was the victim of a security breach that affected 80 million customer accounts. Hackers gained access to customer social security numbers and home addresses, but didn’t gain access to banking information.
Lesson Learned: Anthem did a good job handling the PR after the hack occurred. However, the problem could have been prevented if the company paid close attention to the administrator activity and noticed the abnormalities. Users with Admin privileges have more control over a network, so they need to be carefully scrutinized.
CIA Director Email
CIA Director John Brennan’s personal AOL account was hacked in October. The most shocking part of the story was that the hacker was a 13-year old boy that turned out to be a master at social engineering. He did a reverse phone check on Brennan to get information on his Verizon account. He called Verizon and pretended to be a technician doing work for Brennan and got the customer service team to give personal information, which he used to reset Brennan’s email password.
Lessons Learned: There are several lessons that were learned from this case. First of all, it’s always better to use email providers that use SMS verification to reset security settings. Secondly, anyone handling sensitive information needs to be aware of the risk of social engineering and authenticate requests for information.
Army National Guard
The Army National Guard is another example of a government program that suffered from a major security breach. This breach was caused by an internal employee gaining access to information that they should have been barred from due to their security clearance. They stole personal information of 850,000 former and current service members. They transferred the data to an offsite data warehouse.
Lessons Learned: This case demonstrates the need to have strong internal security controls to prevent rogue employees from accessing crucial information.